01 April 2008 Comments

 

Collaboration is key to combating crime

Michelle Weatherhead, ACI Worldwide

Fraudsters are becoming increasingly adept at sharing invaluable knowledge and tips through online forums and social networking sites that will help them steal more and more money from financial institutions and their customers through activities such as phishing, money laundering and ultimately, in some cases, identity theft.

But while fraudsters have been sharing information and growing their sizeable profits, financial institutions have failed to follow their example and take a more collaborative approach to fraud prevention and detection. As the seamless movement of money cross-border becomes a reality with SEPA, banks must address their current fraud strategies and begin to work together in the fight against the crime.

Fraud is constantly evolving and migrating as fraudsters look for new outlets when former ones are secured. Following the introduction of EMV cards in parts of Europe, for example, fraud moved to softer target markets where EMV had not been rolled out and also to the cardholder-not-present environment.

SEPA will deliver greater transparency for conducting transactions between countries and across borders, but this will create new and difficult challenges for financial institutions’ fraud departments. Banks have woken up to the increased risks they face as a result of SEPA and are now as addressing them as a priority. The potential impact of a security failure not only on revenue, but also on a bank’s brand and customer experience creates a strong business case for making the required investment.

Currently, many banks do not have the necessary anti-fraud strategies in place to protect themselves and their customers in the post-SEPA environment. In order to face up to this security challenge, banks must become more open to sharing fraud-related data, ultimately collaborating with other financial institutions to fight the crime.

The primary step for banks to respond to the security challenge of SEPA is to deconstruct the traditional silos which exist internally where each payment instrument is dealt with separately. Banks need to implement enterprise-wide risk monitoring systems that oversee and cross-reference data from multiple payment channels, including SEPA-compliant cross-border transactions, to provide fraud teams with a complete picture. Transaction and account information from a variety of channels will enable banks to better detect and put a stop to suspicious activities. While multi-channel monitoring should already be a key component in any banks’ risk approach, as they add further channels and endeavour to offer customers greater flexibility, enterprise risk management will become even more important in the post-SEPA environment.

Financial institutions must address potentially fraudulent transactions at the point of access as well as those that have avoided initial detection but appear suspicious in nature. According to the UK Payments Association, APACS, nearly 15 million people in the UK now use the internet to access their bank accounts and millions more regularly shop online. As the internet is not restricted by national borders that can be physically protected, it is one of the most high-risk banking channels available.

Security techniques that can work in conjunction with enterprise-wide risk management include two-factor authentication, real-time risk monitoring and the tracking of internet log-on details to generate alerts against suspicious IP addresses. The profiling of customer IP addresses as part of an IP intelligence solution can track internet log-on details and generate alerts against suspicious activity, effectively monitoring bank customers’ online activity to identify potentially fraudulent behaviour.

At the heart of all of these technologies must lie the ability to feed increasing amounts of fraud-related data into a more collaborative monitoring solution. Akin to the way in which fraudsters share information to strengthen their attacks to be more equipped to target multiple banking channels, financial institutions must introduce an enterprise-wide risk management solution. The newly formed FPEG (Fraud Prevention Expert Group) which discusses the preventative measures that can be put in place to combat payment fraud, particularly at a cross-border level, is a step in the right direction. This group demonstrates the industry’s growing appetite to rightly view fraud as a non-competitive issue – a perception that will ultimately serve to benefit banking revenues and, importantly, banks customers in the wake of greater fraud challenges such as SEPA.

Michelle Weatherhead, EMEA manager of risk solutions at ACI Worldwide